Security is an increasingly important attribute for software and systems, and has been the theme for this year’s meetings. However, security is not the only software attribute which has to be delivered to make software and systems acceptable to their customers and to the people who will use them. We also value other attributes, such as usability, accessability, efficiency, and reliability. We need to understand the range of attributes, which are risks and priorities for our customers, and which are needed to provide appropriate technical or engineering platforms. The ISO 25000 standard describes measurements for defining requirements and evaluating software attributes, which build to a measure of “quality in use”.

In this talk, Isabel Evans will discuss the range of attributes described in ISO 25000, how these conflict with or complement each other and with the security attributes of the system, and how to prioritise them for development, testing and delivery to our customers.